Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: AW: IDS

from [Thomas Choi] Network Security [Permanent Link]
Subject: Re: AW: IDS
Date: Wed, 05 Jul 2006 17:04:28 -0400
Barthel, Frank wrote: 
Look at Cisco NAC or McAfee ePO with MPE.
These are implementations that first put the client in a quarantine VLAN, then 
check the client and push the needed updates to the client.
After that, the port of the switch (NAC) or the desktop-firewall-policy (MPE) 
will grant the network access.

I agree. Network Access Controls (NACs) would do exactly what Gopi is looking for.

NACs typically comprise of an interrogation engine that scans hosts against predefined computing policy criteria before granting network access. Such policies could ensure that all hosts on your network have a desktop firewall, OS patches up-to-date, AV definitions up-to-date, no known malicious files or entries in registry etc... Depending on the severity/magnitude of non-compliance, the machine can either be provided limited access to the network or their access can be blocked entirely.

In addition to the products that Frank mentioned above, you might also want to take a look at Forescout's CounterACT which in addition to providing NAC services, can also block fast propagating malware on your network.

Nortel also has a similar product called NSNA that you might want to check out as well.


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: IDS, Alan Shimel
Next by Date:  RE: IDS, Alan Shimel
Previous by Thread:  AW: IDS, Barthel, Frank
Next by Thread:  Re: IDS, Ron Gula
Indexes:  [Date] [Thread] [Top] [All Lists]